Identifying network traffic botnet for internet of things using machine learning algorithms

The Internet of Things (IoT) is one of the latest technologies in the field of telecommunication. However, security of the network is a prominent challenge in IoT. Among the security risks, a Botnet has been identified to cause a significant threat to the network. A Botnet is a network of private co...

Bibliographic Details
Main Author: Rezaei, Amirhossein
Format: Thesis
Language: English
Published: 2021
Subjects:
Online Access: http://eprints.utm.my/107041/1/AmirhosseinRezaeiPFTIR2021.pdf
id my-utm-ep.107041
record_format uketd_dc
spelling my-utm-ep.107041 2024-08-29T02:48:24Z 2021 Thesis http://eprints.utm.my/107041/ http://eprints.utm.my/107041/1/AmirhosseinRezaeiPFTIR2021.pdf application/pdf en public http://dms.library.utm.my:8080/vital/access/manager/Repository/vital:156364?site_name=GlobalView&query=Identifying+network+traffic+botnet+for+internet+of+things+using+machine+learning+algorithms&queryType=vitalDismax phd doctoral Universiti Teknologi Malaysia Razak Faculty of Technology and Informatics Internet of Things (IoT), Command and Control (C&C).
institution Universiti Teknologi Malaysia
collection UTM Institutional Repository
language English
topic T Technology (General)
TK5101-6720 Telecommunication
description The Internet of Things (IoT) is one of the latest technologies in the field of telecommunication. However, network security is a prominent challenge in IoT. Among the security risks, the Botnet has been identified as a significant threat to the network. A Botnet is a network of private computers infected with malicious software and controlled as a group without the owners' knowledge. A Botnet is normally used to send spam, steal data, and carry out Distributed Denial of Service attacks. It also allows the attacker to access the devices and their connections. The master (owner) organizes the Botnet using Command and Control (C&C) software. One method of detection is Ensemble Learning, which is a Machine Learning technique. Ensemble Learning models use several models of the same kind for classifying or regressing the output. The idea behind such a technique is to use several weak predictors together to create a strong predictor. There are several types of research on the detection of Botnets using Machine Learning methods. However, each method has its limitations, such as real-time monitoring, timely detection, and adaptability to new threats. Among all the studies reviewed, none explained why they chose specific methods for detecting Botnets. Also, they focus on a specific type of Botnet or on specific operating systems and devices. Hence, this study aims to improve Network Traffic Botnet identification through feature reduction and ensemble learning methods, and to identify the best machine learning method to detect Botnets in IoT networks. This is achieved by first finding the best of the supervised learning, unsupervised learning, and regression learning methods. The two best of them are then used in the Ensemble Learning method to achieve the best possible result.
To validate the accuracy of the proposed model, 790745 normal domain names and 199772 malicious domain names were collected from 3 different sources. To ensure the method does not overfit, the cross-validation technique was used. All machine learning algorithms used in this study were developed in Python 3 on the same computer to equalize speed. It is found that the proposed model is the best in terms of accuracy, achieving 100%, and reduces the number of features from 204 to only 20 by combining the two best machine learning methods: Decision Tree and Artificial Neural Networks. This Ensemble Learning method is useful for identifying Botnets and Bots during communication in IoT networks.
format Thesis
qualification_name Doctor of Philosophy (PhD.)
qualification_level Doctorate
author Rezaei, Amirhossein
title Identifying network traffic botnet for internet of things using machine learning algorithms
granting_institution Universiti Teknologi Malaysia
granting_department Razak Faculty of Technology and Informatics
publishDate 2021
url http://eprints.utm.my/107041/1/AmirhosseinRezaeiPFTIR2021.pdf
_version_ 1811772236613287936